Univention Bugzilla – Bug 48951
openjpeg2: Multiple issues (4.3)
Last modified: 2019-03-13 14:22:16 CET
New Debian openjpeg2 2.1.2-1.1+deb9u3 fixes: This update addresses the following issues: * Stack-buffer overflow in the pgxtovolume function (CVE-2017-17480) * integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785) * In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (CVE-2018-6616) * Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). (CVE-2018-14423) * OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c (CVE-2018-18088)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/openjpeg2_2.1.2-1.1+deb9u2.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/openjpeg2_2.1.2-1.1+deb9u3.dsc @@ -1,3 +1,16 @@ +2.1.2-1.1+deb9u3 [Thu, 07 Mar 2019 16:41:30 -0500] Luciano Bello <luciano@debian.org>: + + * Non-maintainer upload by the Security Team. + * CVE-2018-14423: Division-by-zero vulnerabilities in the functions + pi_next_pcrl, pi_next_cprl, and pi_next_rpcl (closes: #904873). + * CVE-2018-6616: Excessive Iteration in opj_t1_encode_cblks + (closes: #889683). + * CVE-2017-17480: Write stack buffer overflow due to missing buffer + length formatter in fscanf call (closes: #884738). + * CVE-2018-18088: Null pointer dereference caused by null image + components in imagetopnm (closes: #910763). + * CVE-2018-5785: Integer overflow in convertbmp.c (closes: #888533). + 2.1.2-1.1+deb9u2 [Mon, 16 Oct 2017 21:15:20 +0200] Mathieu Malaterre <malat@debian.org>: * Fix whitespace/indent mess <http://10.200.17.11/4.3-3/#6512527586340119909>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-3] 1ccb099747 Bug #48951: openjpeg2 2.1.2-1.1+deb9u3 doc/errata/staging/openjpeg2.yaml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) [4.3-3] 4e3b5d3402 Bug #48951: openjpeg2 2.1.2-1.1+deb9u3 doc/errata/staging/openjpeg2.yaml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+)
<http://errata.software-univention.de/ucs/4.3/453.html>